ProtonMail
ProtonMail is an end-to-end encrypted email service operated by Proton AG, offering secure messaging with zero-access encryption where even Proton cannot read user emails. The service uses open-source OpenPGP encryption and operates from Switzerland under privacy-protective governance.
Score generated by AI agents based on publicly cited evidence and reviewed by the project maintainer. Not independently validated.
Score History
Timeline events are AI-curated from public reporting. Score trajectory is derived from documented events.
ProtonMail launched from CERN as a mission-driven encrypted email beta, crowdfunded by 10,000 supporters. The product was minimal but principled: open-source encryption, no advertising, no venture capital. Structural enshittification risk was near zero, with the only friction coming from encryption's inherent usability costs and the nascent state of the product.
ProtonMail exited beta with v3, removing the invitation waitlist and launching iOS and Android apps. The $2M seed round from CRV and FONGIT provided stability without VC pressure. The 2015 DDoS attack tested operational resilience. Swiss jurisdiction provided strong privacy protections, though marketing claims about IP logging went further than legal obligations would allow. The freemium model and paid-only Bridge began establishing mild lock-in patterns.
Proton expanded beyond email with ProtonVPN (2017), the Tor onion site, and Proton Calendar beta. The product suite grew but remained modular. All clients were progressively open-sourced. Lock-in increased slightly as the ecosystem deepened, and the freemium model relied on internal promotions to drive paid conversions. Regulatory posture improved after the Google search suppression incident raised awareness of platform dependency.
The French climate activist IP logging incident exposed the gap between ProtonMail's marketing claims and its legal obligations under Swiss law. The company removed 'no IP logging' claims from its website and updated its privacy policy. However, Proton also won a Swiss court ruling exempting email services from telecom data retention, and co-founded two coalitions to fight app store monopolies and promote competitive digital markets. The incident was a trust crisis that Proton addressed with greater transparency rather than resistance.
Proton rebranded from ProtonMail to Proton, unifying all services under a single account. The acquisition of SimpleLogin and restructured pricing tiers marked a strategic shift toward an integrated privacy ecosystem. Bundled pricing meant users wanting better email had to buy the full suite. XSS vulnerabilities were discovered and patched. The company passed 70 million accounts while maintaining its bootstrapped, VC-free structure.
Proton established the non-profit Proton Foundation as its controlling shareholder, structurally preventing hostile takeovers. Product expansion continued with Standard Notes acquisition, Proton Pass, Proton Wallet, desktop app, and Scribe AI. The inactive account deletion policy and discontinued bulk export tool increased switching friction. The Catalan activist recovery email disclosure showed ongoing tension between Swiss legal compliance and privacy expectations. Revenue reached approximately $97.5M with 100 million accounts.
ProtonMail maintains its position as the leading privacy-focused email service with over 100 million accounts. The Lumo AI marketing email dark pattern incident, Phrack journalist account suspension, and CEO political neutrality controversy introduced minor governance and trust concerns. Proton's proactive infrastructure relocation from Switzerland in response to surveillance legislation demonstrates continued commitment to privacy. The non-profit foundation structure remains the strongest structural safeguard against enshittification in the email market.
Alternatives
Australian privacy-focused email with a clean interface, custom domain support, full IMAP/SMTP access on all paid plans (including the $3/month entry tier), and excellent import tools. Moderate switch — use Easy Switch to import from Gmail, then set up forwarding. No end-to-end encryption by default, but more standards-compliant for use with third-party email clients.
ProtonMail is part of the broader Proton suite — if you need encrypted email plus VPN, cloud storage, calendar, and password manager, the full Proton Unlimited plan bundles everything. Consider upgrading to the full suite before switching away from ProtonMail specifically.
German end-to-end encrypted email and calendar service with a free tier and open-source clients. Easy switch — similar privacy model to ProtonMail with zero-knowledge encryption. The free tier offers 1GB storage with fewer restrictions than ProtonMail's free tier. Lacks IMAP support by design (all encryption is proprietary).
Dimensional Breakdown
Summaries below were written by AI agents based on the cited evidence. They are editorial interpretations, not independent research findings.
Dimension History
Timeline (52 events)
ProtonMail enters public beta at CERN
ProtonMail was launched as a public beta by CERN scientists Andy Yen, Jason Stockman, and Wei Sun. The service offered end-to-end encrypted email inspired by Edward Snowden's 2013 surveillance revelations. Beta signups had to be temporarily suspended after three days due to overwhelming demand.
PayPal freezes ProtonMail crowdfunding funds
During ProtonMail's Indiegogo crowdfunding campaign, PayPal froze the project's account without warning after approximately $300,000 had been raised. PayPal later unfroze the funds, attributing the incident to a technical error. The campaign ultimately raised $550,377 from 10,576 donors, over five times the $100,000 goal.
ProtonMail raises $2M seed funding from CRV and FONGIT
ProtonMail received $2 million in seed funding from Charles River Ventures and the Fondation Genevoise pour l'Innovation Technologique (FONGIT), a non-profit backed by the Swiss Federal Commission for Technology and Innovation. This was the company's first institutional funding. ProtonMail had 350,000 beta signups at the time.
ProtonMail v2 launches with open-source web client
ProtonMail released version 2.0 with a completely rewritten codebase and made the entire web client open source, becoming one of the first major email providers to do so. A bug bounty program was launched simultaneously. Over 500,000 users were using the service at this point.
Massive DDoS attack takes ProtonMail offline for days
ProtonMail suffered a sustained DDoS attack exceeding 100 Gbps that knocked the service offline for multiple days. The attack was so powerful it affected the Swiss datacenter's upstream ISP, taking down unrelated companies and banks. ProtonMail initially paid a 15 bitcoin ($6,000) ransom before partnering with Radware for DDoS mitigation. A criminal investigation was opened with Europol assistance.
ProtonMail pays DDoS ransom before investing in mitigation
Under pressure from other companies affected by the collateral damage of the attack, ProtonMail paid a 15 bitcoin ransom to the attackers. The attacks continued anyway, prompting ProtonMail to partner with IP-Max and Radware for professional DDoS mitigation. The incident cost ProtonMail an estimated $100,000 and led to permanent infrastructure improvements.
ProtonMail v3 exits beta with global public launch
ProtonMail released version 3.0, officially exiting beta after two years. The release included a redesigned web client, iOS and Android beta apps, and removal of the invitation waitlist. The service was now available to anyone worldwide without restrictions.
ProtonMail accuses Google of suppressing search results
ProtonMail discovered it had been invisible in Google search results for queries like 'secure email' and 'encrypted email' since November 2015. The delisting lasted nearly a year and reduced ProtonMail's worldwide growth rate by over 25%, directly cutting income by 25%. Google acknowledged it had 'fixed something' without explanation. The incident was unique to Google; all other search engines returned ProtonMail normally.
ProtonMail launches Tor onion site for censorship resistance
ProtonMail launched a Tor hidden service (.onion address), becoming the largest email provider to officially support Tor. The move added a third layer of encryption on top of HTTPS and PGP, enabling users in countries with internet censorship to access encrypted email. The Tor Project assisted with the implementation.
Proton VPN launches with free tier
Proton launched its VPN service, ProtonVPN, to provide ProtonMail users with a trustworthy VPN. The service included a free tier with no data limits, making it one of the few reputable free VPN services. This marked Proton's first product expansion beyond email.
Apple demands Proton remove in-app payment independence
Apple demanded that Proton move in-app purchases to Apple's payment system or face removal from the App Store. Because Proton was forced to sell through the App Store and prohibited from directing customers to its website, the company had to raise iOS subscription prices to cover Apple's 30% commission, making the iOS app more expensive than direct signup.
ProtonMail launches GDPR.eu compliance resource
Ahead of the EU General Data Protection Regulation taking effect, ProtonMail launched GDPR.eu, a comprehensive free resource site to help organizations understand and implement GDPR requirements. The company also incorporated a GDPR Data Processing Agreement into its terms of service, positioning itself as a GDPR-compliant email solution for businesses.
Russian-linked phishing campaign targets Bellingcat journalists
A months-long phishing campaign targeted over 30 ProtonMail users including Bellingcat journalists and Russia-focused researchers. Attackers created a fake mailproton.me domain to steal credentials. The campaign bore hallmarks of Fancy Bear (APT28), a Russian military intelligence-linked group. ProtonMail's anti-phishing measures prevented the attack from succeeding.
ProtonMail iOS app goes fully open source
ProtonMail made its iOS app fully open source on GitHub after an independent security audit by SEC Consult. This followed the web client's open-sourcing in 2015. The move extended the company's transparency commitment to mobile platforms.
Proton Calendar launches in beta as encrypted alternative
ProtonMail launched Proton Calendar as a public beta, initially available to paid subscribers. The service used client-side encryption for event titles, descriptions, locations, and participant lists, positioning it as the 'first fully encrypted calendar app' and an alternative to Google Calendar.
Apple threatens to remove ProtonVPN over anti-censorship language
Apple demanded that ProtonVPN remove language from its App Store description stating the app could be used to 'unblock censored websites.' Apple applied this restriction globally, requiring removal in all countries including those with protected free speech. ProtonVPN had been on the App Store since 2018 with the same functionality described.
ProtonMail Android app goes open source after security audit
ProtonMail's Android app was made open source on GitHub after passing an independent security audit by SEC Consult. This made the Android app the last ProtonMail client to go open source, completing the transparency commitment across web, iOS, Android, and Bridge platforms.
Proton Mail Bridge goes open source
Proton released the source code for Proton Mail Bridge on GitHub for macOS, Windows, and Linux. Bridge is the application that enables IMAP/SMTP access for third-party email clients. Open-sourcing it allowed independent verification of how the encryption handoff between Proton's servers and desktop clients works.
Proton co-founds Coalition for App Fairness against Apple and Google
Proton joined Epic Games and 12 other companies to establish the Coalition for App Fairness, challenging Apple and Google's app store monopolies. The coalition specifically targeted the mandatory 30% commission on in-app purchases, which Proton argued disproportionately penalizes subscription-based privacy services that cannot monetize user data. The coalition grew from 13 to 40 members within a month.
Proton Drive enters beta for encrypted cloud storage
Proton launched Proton Drive in beta for paid subscribers, adding end-to-end encrypted cloud storage to the product suite. Development had been supported by a European Union Horizon 2020 grant. The beta opened to free users in June 2021.
Apple blocks ProtonVPN updates during Myanmar crisis
Apple rejected ProtonVPN app updates during Myanmar's military coup, when ProtonVPN signups in Myanmar had spiked to 250x normal levels. The United Nations had recommended ProtonVPN for documenting human rights abuses. Apple cited the same anti-censorship language dispute from 2020. The update was eventually approved on March 19 after Proton modified the description, but the timing drew global criticism.
ProtonMail v4 web app redesign launches
ProtonMail released a major redesign of its web interface with customizable themes, improved keyboard shortcuts, quick filters, and better accessibility. The redesign aimed to bring ProtonMail's user experience closer to mainstream email clients while maintaining its security architecture.
ProtonMail logs French climate activist's IP address for police
ProtonMail disclosed the IP address and device information of a Youth for Climate activist to French authorities via a Swiss court order routed through Europol. The activist was subsequently arrested. The incident revealed that despite marketing claims of not logging IP addresses, ProtonMail could be legally compelled to begin logging specific accounts under Swiss criminal investigation. The revelation generated intense criticism given ProtonMail's privacy branding.
ProtonMail removes 'no IP logging' claim from website
Following the French activist IP disclosure, ProtonMail removed the claim 'We do not keep any IP logs which can be linked to your anonymous email account' from its homepage. The privacy policy was updated to state: 'If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address.' CEO Andy Yen acknowledged the company needed greater transparency about its legal obligations under Swiss law.
Securitum completes security audit of all Proton apps
Securitum, a leading European security auditing company, completed an independent security audit of the new Proton Mail and Proton Calendar web applications. The audit found no major issues or security vulnerabilities. This was part of Proton's commitment to regular third-party security reviews.
Swiss court rules email services exempt from telecom data retention
The Swiss Federal Administrative Court ruled that email providers are not telecommunications providers under Swiss law, exempting them from data retention obligations imposed on telcos. Proton had appealed after the Swiss Post and Telecommunications Surveillance Service attempted to classify it as a telecom provider in September 2020. The ruling was a significant privacy victory for Swiss-based email services.
Proton co-founds Coalition for Competitive Digital Markets
Proton co-founded the Coalition for Competitive Digital Markets with Open Xchange and Element, focused on strengthening interoperability and anti-bundling provisions in the EU Digital Markets Act. The coalition grew to represent over 50 companies from 16 countries and worked alongside the European Digital SME Alliance's 45,000+ members.
Proton acquires email aliasing service SimpleLogin
Proton acquired SimpleLogin, a French email aliasing startup with over 100,000 users and 2 million email aliases created. SimpleLogin remained open source, email-provider agnostic, and continued operating from Paris with its own team. Existing subscription terms were honored. The acquisition complemented ProtonMail by letting users shield their real email addresses.
ProtonMail rebrands to Proton with unified ecosystem
ProtonMail rebranded to Proton, unifying Proton Mail, Proton VPN, Proton Calendar, and Proton Drive under a single account and brand at proton.me. The rebrand included new logos, a visual overhaul, and restructured pricing tiers: Free, Mail Plus ($5/month), and Unlimited ($12/month). Existing users received storage upgrades at no extra cost. The move signaled a shift from a single email product to an integrated privacy ecosystem.
SonarSource discovers XSS vulnerabilities in Proton Mail web client
Security researchers at SonarSource discovered cross-site scripting vulnerabilities in Proton Mail's web client that could have allowed attackers to steal emails and impersonate users. The vulnerabilities affected the DOMPurify HTML sanitizer bypass. Proton fixed the issues shortly after responsible disclosure in June 2022. No in-the-wild exploitation was detected. Nearly 70 million users were potentially at risk.
Proton Drive exits beta for general availability
Proton Drive officially launched out of beta after two years of development, offering end-to-end encrypted cloud storage to all Proton users. Mobile apps for iOS and Android followed in December 2022. The launch expanded the Proton ecosystem, deepening users' investment in the platform.
Proton Pass password manager launches in beta
Proton announced Proton Pass, an end-to-end encrypted password manager, initially in beta for existing Proton users. The global launch followed on June 28, 2023 under a freemium model. The source code was released under GPLv3 after a Cure53 security audit. This was Proton's fifth major product, further expanding the ecosystem.
Proton raises monthly Unlimited price to $12.99
Proton increased the monthly Unlimited subscription price from $11.99 to $12.99 for new subscribers. Annual and biennial plans were not affected, nor were existing monthly subscribers. This was the first price increase since the 2022 rebrand restructuring.
Proton Mail desktop app launches in beta for paid users only
Proton released a dedicated desktop email application in beta for macOS and Windows, with a Linux version following. Despite earlier indications that the app would be available to all users, Proton restricted it to paid subscribers, citing infrastructure demands. Free accounts received only a 14-day trial. The restriction drew criticism as a limitation on a basic email feature.
Proton Mail desktop app officially launches as paid-only
After the beta period, Proton officially launched the Proton Mail desktop app for Windows, macOS, and Linux. The app remained restricted to premium subscribers despite community requests for free-tier access. A Proton spokesperson said the decision was made after 'a highly positive response during the beta phase' and cited significant infrastructure and maintenance demands.
Proton implements 12-month inactive account deletion policy
Proton's updated inactive account policy took effect, automatically deleting free accounts and all associated data after 12 months of inactivity across all Proton services. Users receive warnings at 30, 15, and 7 days before deletion. Accounts created before April 2024 received a 24-month grace period. Previously, accounts with any premium subscription history were exempt, but that exemption was revoked.
Proton acquires encrypted note-taking app Standard Notes
Proton acquired Standard Notes, an end-to-end encrypted note-taking app with over 300,000 users. Like the SimpleLogin acquisition, Standard Notes remained open source with existing subscription terms honored. Both companies emphasized shared values around encryption, open source, and independence from venture capital. This was Proton's second acquisition in two years.
Proton Mail recovery email leads to arrest of Catalan activist
Proton disclosed a user's recovery email address to Spanish authorities investigating a member of the Catalan pro-independence movement Tsunami Democratic. The recovery email was an iCloud address, which Apple then used to identify the activist. Proton emphasized it provided 'privacy by default, not anonymity by default' and that the recovery email was the only data it could disclose. The incident renewed debate about the limits of encrypted email's privacy guarantees.
Proton launches updated business plans with Mail Professional tier
Proton restructured its business offerings, launching the Mail Professional tier at $9.99/month per user and updating other business plans with more flexibility. The changes aimed to make Proton competitive with Google Workspace and Microsoft 365 for small and medium businesses, though bundled pricing remained a concern for email-only business users.
Proton establishes non-profit foundation as controlling shareholder
Proton AG transferred majority ownership to the newly established Proton Foundation, a Swiss non-profit. The foundation's board of trustees included Tim Berners-Lee (inventor of the World Wide Web) and Oxford professor Carissa Veliz. The foundation's legally binding purpose is to advance privacy, freedom, and democracy. No change of control can occur without the foundation's consent, structurally preventing hostile takeovers or VC-driven extraction.
Proton Scribe AI writing assistant launches with on-device option
Proton launched Proton Scribe, a privacy-first AI writing assistant built on the open-source Mistral 7B model. Scribe can run entirely on-device, ensuring no data leaves the user's machine. The tool is open source and does not train on inbox data due to Proton's zero-access encryption. It was included free with Proton Duo, Family, and Visionary plans.
Proton launches self-custody Bitcoin wallet
Proton released Proton Wallet, a self-custody Bitcoin wallet integrated with the Proton ecosystem. Users could send Bitcoin to other Proton users via email address. The wallet was initially limited to Proton Visionary Plan subscribers. Privacy Guides criticized the wallet as poorly conceived, noting it lacked support for privacy-focused cryptocurrencies like Monero.
Proton lifetime fundraiser raises record $927K for digital rights
Proton's 2024 Lifetime Account Charity Fundraiser raised $927,470 from over 90,000 tickets sold to 43,631 participants. With Proton's additional $150,000 contribution, the total reached $1,077,470. Since 2018, the annual fundraiser has donated over $4 million to more than 40 organizations supporting privacy, press freedom, and digital rights worldwide.
CEO Andy Yen's Republican praise sparks political neutrality controversy
CEO Andy Yen posted on X that 'Republicans were more inclined to take on Big Tech monopolies than corporate-aligned Democrats.' Proton's official Reddit account echoed the sentiment in a now-deleted comment. The posts contradicted Proton's professed political neutrality and drew significant backlash from privacy-focused users. Proton issued a clarification attributing the incident to 'internal miscommunication' and implemented a policy prohibiting official accounts from expressing political opinions.
Indian court orders Proton Mail blocked nationwide
The Karnataka High Court directed the Indian government to block Proton Mail under Section 69A of the Information Technology Act after a Delhi firm alleged employees received AI-generated deepfake abuse sent via the service. Proton responded that 'blocking access to Proton Mail simply prevents law-abiding citizens from communicating securely.' The block had not been enforced as of early 2026, with the service remaining accessible in India.
Proton joins antitrust class-action lawsuit against Apple
Proton joined an existing class-action antitrust lawsuit against Apple, filing its own complaint alleging that Apple's 30% commission, mandatory in-app payment system, and restrictions on alternative app stores violate U.S. antitrust law. Proton added a privacy-focused argument: Apple's pricing model penalizes subscription-based privacy services while incentivizing surveillance capitalism. Proton pledged to donate any monetary damages received.
Proton passes SOC 2 Type II audit for enterprise credibility
Proton completed its first SOC 2 Type II attestation, conducted by Schellman. The audit verified that Proton maintains robust and consistent security controls across access management, incident response, system monitoring, and risk assessment. All Proton services were covered. SOC 2 Type II is a baseline requirement for many regulated industries considering new vendors.
Proton launches Lumo privacy-first AI chatbot
Proton released Lumo, a zero-access encrypted AI chatbot running on open-source models from European data centers. Conversations are not logged and chats are stored with zero-access encryption. A 'ghost mode' makes sessions disappear entirely when closed. Lumo is free to use without a Proton account; Lumo Plus costs $12.99/month for additional features.
Proton begins relocating infrastructure from Switzerland over surveillance law
In response to proposed revisions to Swiss surveillance law (BUPF/VUPF) that would mandate user identification and metadata retention for platforms with over 5,000 users, Proton announced relocation of most physical infrastructure to Germany and Norway. Lumo was the first product moved to German servers. Proton committed to investing over CHF 100 million in new facilities while keeping its headquarters and legal entity in Geneva.
Proton suspends Phrack journalist accounts at CERT request
Proton suspended email accounts of two journalists working on a Phrack article about North Korean state-sponsored hackers (Kimsuky). Proton cited a CERT alert about account misuse but did not identify the CERT or explain the criteria for suspension. One journalist's personal account was also disabled. Accounts were only reinstated after the Phrack X account posted publicly, garnering 150,000+ views. Proton provided no clear explanation for the reversal, raising concerns about abuse-response transparency.
Proton Mail v7 mobile apps rebuilt with offline mode
Proton released completely redesigned iOS and Android apps built from the ground up with approximately 80% shared code. The v7 release added offline mode for reading, composing, and organizing email without a connection, with changes syncing automatically. Performance was doubled for scrolling, archiving, and replying compared to the previous version.
Lumo marketing email bypasses user opt-out preferences
Proton sent a marketing email about Lumo AI to users who had explicitly disabled product update notifications. Proton had created new email preference categories defaulted to 'enabled,' circumventing existing opt-outs. Support attributed the email to the 'Proton for Business newsletter' despite Lumo-specific content. The incident generated 384 points and 241 comments on Hacker News, with users questioning Proton's trustworthiness. The consent bypass was identified as a textbook dark pattern.